Java Card 2.2.2:临时RSA公钥为瞬态
[英]Java Card 2.2.2: temporary RSA public key as transient
问题描述
I'm designing a Java Card (2.2.2 thus Classic) applet that will, at each use, receive a RSA public key (validated using means immaterial to the question), then use that RSA public key to verify an RSA signature. 
我正在设计一个Java Card(2.2.2因此经典)applet,它将在每次使用时接收RSA公钥(使用与问题无关的方式进行验证),然后使用该RSA公钥来验证RSA签名。
How can I keep that RSA public key in RAM (rather than writing it in EEPROM/Flash), for performance and device lifetime reasons ? 出于性能和设备寿命的原因,如何将RSA公钥保存在RAM中(而不是将其写入EEPROM / Flash)?
My problem is, in javacard.security.KeyBuilder of JC 2.2.2, the buildKey(byte keyType, short keyLength, boolean keyEncryption) API does not seem to have an option to specify transient memory; 我的问题是,在JC 2.2.2的javacard.security.KeyBuilder中, buildKey(byte keyType, short keyLength, boolean keyEncryption) API似乎没有指定瞬态内存的选项; I see neither 我也看不见
- a suitable
keyTypecombiningTYPE_RSA_PUBLICand transcient, as we have withTYPE_DES_TRANSIENT_DESELECT;一个合适的keyType结合TYPE_RSA_PUBLIC和TYPE_RSA_PUBLIC,就像我们有TYPE_DES_TRANSIENT_DESELECT; - not even
TYPE_RSA_PRIVATE_TRANSIENT_DESELECTwhich conceivably could be abused into a public key (on platforms with no test for the size of d ), for this is a novelty of Java Card Classic 3;甚至TYPE_RSA_PRIVATE_TRANSIENT_DESELECT也不会被滥用到公钥中(在没有测试d大小的平台上),因为这是Java Card Classic 3的新颖之处; - the
buildKey(byte algorithmicKeyType, byte keyMemoryType, short keyLength, boolean keyEncryption)with akeyMemoryTypeparameter, which also is a novelty of Java Card Classic 3.buildKey(byte algorithmicKeyType, byte keyMemoryType, short keyLength, boolean keyEncryption),带有keyMemoryType参数,这也是Java Card Classic 3的新颖之处。
Would bracketing all changes and uses of my RSA public key with beginTransaction() and abortTransaction() achieve my goal? 是否可以通过beginTransaction()和abortTransaction()将所有更改和使用我的RSA公钥实现目标?
1 个解决方案
解决方案1
6 已采纳 2016-03-09 21:53:43
I have been dealing with exactly the same problem and had to use persistent memory and wear leveling (which worked). 我一直在处理完全相同的问题,不得不使用持久性内存和磨损均衡(这是有效的)。
Even had the same idea with beginTransaction() / abortTransaction() , but was told by the card manufacturer that this won't work (They said it would make things even worse regarding EEPROM lifetime). 甚至与beginTransaction() / abortTransaction()有相同的想法,但是卡制造商告诉它这不起作用(他们说这会使EEPROM寿命更糟)。 YMMV. 因人而异。
Some remarks: 一些评论:
The performance was sufficient for given use case (which surprised me).
对于给定的用例(这令我感到惊讶),性能已经足够了。 Card lifetime can be estimated quite well (given you know how many re-write cycles the persistent memory has, it's block size, the frequency of different public key uses and wear leveling overhead).
可以非常好地估计卡的生存期(假设你知道持久内存有多少重写周期,它的块大小,不同公钥使用的频率和耗损均衡开销)。 Consider wear leveling both
RSAPublicKeyandCipherobjects together.考虑将RSAPublicKey和Cipher对象一起调平。Use as much memory for object pool as you can.
尽可能多地使用对象池内存。
There may be some vendor specific API which allows RSA computation (in our case there was no such possibility) 可能有一些供应商特定的API允许RSA计算(在我们的例子中没有这种可能性)
Good luck! 祝好运!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.